]> git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/alias.c
cleanup bind
[openldap] / servers / slapd / back-ldbm / alias.c
1 /* $OpenLDAP$ */
2 /*
3  * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
5  */
6
7 #include "portable.h"
8
9 #include <stdio.h>
10 #include <ac/string.h>
11 #include <ac/socket.h>
12 #include "slap.h"
13 #include "back-ldbm.h"
14 #include "proto-back-ldbm.h"
15
16
17 static int get_alias_dn(
18         Entry *e,
19         struct berval *al,
20         int *err,
21         const char **errmsg );
22
23 static void new_superior(
24         struct berval *dn,
25         struct berval *oldSup,
26         struct berval *newSup,
27         struct berval *res );
28
29 static int dnlist_subordinate(
30         BerVarray dnlist,
31         struct berval *dn );
32
33 Entry *deref_internal_r(
34         Backend*        be,
35         Entry*          alias,
36         struct berval*  dn_in,
37         int*            err,
38         Entry**         matched,
39         const char**            text )
40 {
41         struct berval dn;
42         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
43         Entry *entry;
44         Entry *sup;
45         unsigned depth;
46         BerVarray dnlist;
47
48         assert( ( alias != NULL && dn_in == NULL )
49                 || ( alias == NULL && dn_in != NULL ) );
50
51         *matched = NULL;
52         *err = LDAP_NO_SUCH_OBJECT;
53         *text = NULL;
54
55         if( alias == NULL ) {
56                 ber_dupbv( &dn, dn_in );
57                 entry = dn2entry_r( be, &dn, &sup );
58
59         } else {
60                 ber_dupbv( &dn, &alias->e_nname );
61                 entry = alias;
62                 sup = NULL;
63         }
64
65         dnlist = NULL;
66         ber_bvarray_add( &dnlist, &dn );
67
68         for( depth=0 ; ; depth++ ) {
69                 if( entry != NULL ) {
70                         Entry *newe;
71                         struct berval aliasDN;
72
73                         /* have entry, may be an alias */
74
75                         if( !is_entry_alias( entry ) ) {
76                                 /* entry is not an alias */
77                                 break;
78                         }
79
80                         /* entry is alias */
81                         if( depth > be->be_max_deref_depth ) {
82                                 *matched = entry;
83                                 entry = NULL;
84                                 *err = LDAP_ALIAS_DEREF_PROBLEM;
85                                 *text = "maximum deref depth exceeded";
86                                 break;
87                         }
88
89                         /* deref entry */
90                         if( get_alias_dn( entry, &aliasDN, err, text )) {
91                                 *matched = entry;
92                                 entry = NULL;
93                                 break;
94                         }
95
96                         /* check if aliasDN is a subordinate of any DN in our list */
97                         if( dnlist_subordinate( dnlist, &aliasDN ) ) {
98                                 ch_free( aliasDN.bv_val );
99                                 *matched = entry;
100                                 entry = NULL;
101                                 *err = LDAP_ALIAS_PROBLEM;
102                                 *text = "circular alias";
103                                 break;
104                         }
105
106                         /* attempt to dereference alias */
107
108                         newe = dn2entry_r( be, &aliasDN, &sup );
109                         ch_free( aliasDN.bv_val );
110
111                         if( newe != NULL ) {
112                                 cache_return_entry_r(&li->li_cache, entry );
113                                 entry = newe;
114                                 ber_dupbv( &dn, &entry->e_nname );
115                                 ber_bvarray_add( &dnlist, &dn );
116                                 continue;
117                         }
118                         
119                         if ( sup != NULL ) {
120                                 cache_return_entry_r(&li->li_cache, entry );
121                                 entry = NULL;
122                                 continue;
123                         }
124
125                         /* no newe and no superior, we're done */
126                         break;
127
128                 } else if( sup != NULL ) {
129                         /* have superior, may be an alias */
130                         Entry *newe;
131                         Entry *newSup;
132                         struct berval supDN;
133                         struct berval aliasDN;
134
135                         if( !is_entry_alias( sup ) ) {
136                                 /* entry is not an alias */
137                                 *matched = sup;
138                                 sup = NULL;
139                                 break;
140                         }
141
142                         /* entry is alias */
143                         if( depth > be->be_max_deref_depth ) {
144                                 *matched = sup;
145                                 entry = NULL;
146                                 *err = LDAP_ALIAS_DEREF_PROBLEM;
147                                 *text = "maximum deref depth exceeded";
148                                 break;
149                         }
150
151                         /* deref entry */
152                         if( get_alias_dn( sup, &supDN, err, text )) {
153                                 *matched = sup;
154                                 break;
155                         }
156
157                         new_superior( &dn, &sup->e_nname, &supDN, &aliasDN );
158                         free(supDN.bv_val);
159
160                         /* check if aliasDN is a subordinate of any DN in our list */
161                         if( dnlist_subordinate( dnlist, &aliasDN ) ) {
162                                 free(aliasDN.bv_val);
163                                 *matched = entry;
164                                 entry = NULL;
165                                 *err = LDAP_ALIAS_PROBLEM;
166                                 *text = "subordinate circular alias";
167                                 break;
168                         }
169
170                         /* attempt to dereference alias */
171                         newe = dn2entry_r( be, &aliasDN, &newSup );
172
173                         if( newe != NULL ) {
174                                 free(aliasDN.bv_val);
175                                 cache_return_entry_r(&li->li_cache, sup );
176                                 entry = newe;
177                                 ber_dupbv( &dn, &entry->e_nname );
178                                 ber_bvarray_add( &dnlist, &dn );
179                                 continue;
180                         }
181                         
182                         if ( newSup != NULL ) {
183                                 cache_return_entry_r(&li->li_cache, sup );
184                                 sup = newSup;
185                                 ber_dupbv( &dn, &aliasDN );
186                                 continue;
187                         }
188
189                         break;
190
191                 } else {
192                         /* no newe and no superior, we're done */
193                         break;
194                 }
195         }
196
197         ber_bvarray_free( dnlist );
198         return entry;
199 }
200
201
202 static int get_alias_dn(
203         Entry *e,
204         struct berval *ndn,
205         int *err,
206         const char **errmsg )
207 {       
208         int rc;
209         Attribute *a;
210         AttributeDescription *aliasedObjectName
211                 = slap_schema.si_ad_aliasedObjectName;
212
213         a = attr_find( e->e_attrs, aliasedObjectName );
214
215         if( a == NULL ) {
216                 /*
217                  * there was an aliasedobjectname defined but no data.
218                  */
219                 *err = LDAP_ALIAS_PROBLEM;
220                 *errmsg = "alias missing aliasedObjectName attribute";
221                 return -1;
222         }
223
224         /* 
225          * aliasedObjectName should be SINGLE-VALUED with a single value. 
226          */                     
227         if ( a->a_vals[0].bv_val == NULL ) {
228                 /*
229                  * there was an aliasedobjectname defined but no data.
230                  */
231                 *err = LDAP_ALIAS_PROBLEM;
232                 *errmsg = "alias missing aliasedObjectName value";
233                 return -1;
234         }
235
236         if( a->a_vals[1].bv_val != NULL ) {
237                 *err = LDAP_ALIAS_PROBLEM;
238                 *errmsg = "alias has multivalued aliasedObjectName";
239                 return -1;
240         }
241
242         rc = dnNormalize2( NULL, &a->a_vals[0], ndn );
243         if( rc != LDAP_SUCCESS ) {
244                 *err = LDAP_ALIAS_PROBLEM;
245                 *errmsg = "alias aliasedObjectName value is invalid";
246                 return -1;
247         }
248
249         return 0;
250 }
251
252 static void new_superior(
253         struct berval *dn,
254         struct berval *oldSup,
255         struct berval *newSup,
256         struct berval *newDN )
257 {
258         size_t dnlen, olen, nlen;
259         assert( dn && oldSup && newSup && newDN );
260
261         dnlen = dn->bv_len;
262         olen = oldSup->bv_len;
263         nlen = newSup->bv_len;
264
265         newDN->bv_val = ch_malloc( dnlen - olen + nlen + 1 );
266
267         AC_MEMCPY( newDN->bv_val, dn->bv_val, dnlen - olen );
268         AC_MEMCPY( &newDN->bv_val[dnlen - olen], newSup->bv_val, nlen );
269         newDN->bv_val[dnlen - olen + nlen] = '\0';
270
271         return;
272 }
273
274 static int dnlist_subordinate(
275         BerVarray dnlist,
276         struct berval *dn )
277 {
278         assert( dnlist );
279
280         for( ; dnlist->bv_val != NULL; dnlist++ ) {
281                 if( dnIsSuffix( dnlist, dn ) ) {
282                         return 1;
283                 }
284         }
285
286         return 0;
287 }